CVE-2023-2609: NULL Pointer Dereference in vim/vim

Reference Links

• https://support.apple.com/en-us/HT213843 (Advisory)
• https://support.apple.com/en-us/HT213844 (Advisory)
• https://support.apple.com/en-us/HT213845 (Advisory)
• https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622
• https://github.com/vim/vim/commit/d1ae8366aff286d41e7f5bc513cc0a1af5130aad
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/
• https://support.apple.com/kb/HT213844
• https://support.apple.com/kb/HT213845
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/

Parent vulnerabilities

(Appears in the following advisories)

• HT213843
• HT213844
• HT213845

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2023-40439
• CVE-2023-38616
• CVE-2023-34425
• CVE-2023-38580
• CVE-2023-36862
• CVE-2023-32364
• CVE-2023-35983
• CVE-2023-40392
• CVE-2023-42828
• CVE-2023-34241
• CVE-2023-28319
• CVE-2023-28320
• CVE-2023-28321
• CVE-2023-28322
• CVE-2023-32416
• CVE-2023-40437
• CVE-2023-32418
• CVE-2023-36854
• CVE-2022-3970
• CVE-2023-28200
• CVE-2023-38590
• CVE-2023-38598
• CVE-2023-36495
• CVE-2023-37285
• CVE-2023-38604
• CVE-2023-32734
• CVE-2023-32441
• CVE-2023-38261
• CVE-2023-38424
• CVE-2023-38425
• CVE-2023-32381
• CVE-2023-32433
• CVE-2023-35993
• CVE-2023-38410
• CVE-2023-38606
• CVE-2023-38603
• CVE-2023-38565
• CVE-2023-38593
• CVE-2023-40440
• CVE-2023-38258
• CVE-2023-38421
• CVE-2023-1916
• CVE-2023-38571
• CVE-2023-29491
• CVE-2023-38601
• CVE-2023-32444
• CVE-2023-2953
• CVE-2023-42829
• CVE-2023-38609
• CVE-2023-38259
• CVE-2023-38564
• CVE-2023-38602
• CVE-2023-42831
• CVE-2023-32442
• CVE-2023-32443
• CVE-2023-42832
• CVE-2023-32429
• CVE-2023-1801
• CVE-2023-32654
• CVE-2023-2426
• CVE-2023-2609
• CVE-2023-2610
• CVE-2023-38608
• CVE-2023-38605
• CVE-2023-40397
• CVE-2023-38572
• CVE-2023-38599
• CVE-2023-32445
• CVE-2023-38592
• CVE-2023-38594
• CVE-2023-38595
• CVE-2023-38600
• CVE-2023-38611
• CVE-2023-37450
• CVE-2023-42866
• CVE-2023-38597
• CVE-2023-38133
• CVE-2023-40442
• CVE-2023-41990
• CVE-2023-32422

Frequently Asked Questions

• What is CVE-2023-2609?

  CVE-2023-2609 is a vulnerability in the GitHub repository vim/vim prior to version 9.0.1531 that involves a NULL Pointer Dereference.

• How severe is CVE-2023-2609?

  CVE-2023-2609 has a severity rating of high with a value of 5.5.

• Which software versions are affected by CVE-2023-2609?

  Versions of Vim prior to 9.0.1531 and Fedora 37 are affected by CVE-2023-2609.

• How can I fix CVE-2023-2609?

  To fix CVE-2023-2609, you should update Vim to version 9.0.1531 or later, or update Fedora to a version that includes the fix.

• Where can I find more information about CVE-2023-2609?

  You can find more information about CVE-2023-2609 and the fix at the following references: [Reference 1](https://github.com/vim/vim/commit/d1ae8366aff286d41e7f5bc513cc0a1af5130aad), [Reference 2](https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622), and [Reference 3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/).